On Wed, 15 Apr 2026 15:17:16 GMT, Alan Bateman <[email protected]> wrote:
>> Per [RFC 6066 "3. Server Name Indication"], disallow IP literals in >> `SNIHostName::new`. >> >> While the following two call-sites could be simplified by removing IP >> literal checks, I've refrained from doing so because delegating some of the >> checks to an exception catching mechanism would impact the performance: >> >> sun.security.ssl.Utilities::rawToSNIHostName >> sun.net.www.protocol.https.HttpsClient::afterConnect >> >> [RFC 6066 "3. Server Name Indication"]: >> https://www.rfc-editor.org/rfc/rfc6066.html#page-6 >> >> --------- >> - [X] I confirm that I make this contribution in accordance with the >> [OpenJDK Interim AI Policy](https://openjdk.org/legal/ai). > > I've added the "csr" label as I think (and correct me if I have this wrong) > that javax.net.ssl.SNIHostName can now fail for cases that it didn't > previously fail. Yes - a CSR is needed for this change. Thanks for adding the label @AlanBateman. ------------- PR Comment: https://git.openjdk.org/jdk/pull/30747#issuecomment-4253295146
